
Spam emails


  • This topic is locked

#16
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,760 posts
Hi. :D

Computer seems to be running faster at least starting up and getting the desktop open. It's still slow as a hog doing anything though (I think that I am not much older than the laptop).

Good. I concur the age of the machine is very probably an issue. Freeing up some further Hard-Drive free space may assist, some in-depth System Maintenance (defrag & check-disk etc). It may be also that the platters within the actual Hard-Drive itself are worn and this would affect overall performance also. Might be an idea to check the cooling vents are not clogged with debris as Laptops are prone to overheating issues and consider purchasing a Laptop Fan Stand to assist with cooling.

If we are about done with the malware, would you please help me with the sleep/hibernate problem? The only options at all are log off, shut down, and restart. It wasn't always like this but it seems like it could be a group policy thing.

No we are not quite done with the Malware Removal process just yet...but by all means I will try and assist with this issue you have mentioned. :D

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#17
Odal

    Member

  • Topic Starter
  • 130 posts
C:\Documents and Settings\Ben.LATLCNU5121JPM\My Documents\backup-bens-domain.com-6-3-2009.tar PHP/Kryptik.AB trojan
C:\Program Files\WebEx\WebEx\424\atpdmod.dll probably a variant of Win32/Genetik trojan
E:\My Documents and Desktop\My Documents\backup-bens-domain.com-6-3-2009.tar PHP/Kryptik.AB trojan
  • 0

#18
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,760 posts
Hi. :D

One of the online detections is a false positive relating to WebEx, so no further action is required with regard to that.

Now the other two appear to be backups in the old TAR/Tape style backup format and may be also false positives considering the probable age of them...However malware is capable of infecting such if I recall correctly.

We have two options here, one you merely delete the backups unless they are absolutely needed...If so I can attempt to investigate the aforementioned folders and see if indeed there is an infection residing within etc. Let myself know what you have decided in your next reply, thank you.

Next:

Now concerning the hibernate issue, let's check the obvious first as follows:-

Click on Start >> Control Panel >> Power Options

Now click on the Hibernate tab >> check the Enable Hibernation option if not selected(if it is de-select, then re-select) >> Apply

Then click on the Power Schemes tab >> in the drop down menu select the option you wish(Portable/Laptop for example) >> Save As... >> OK >> Apply >> OK

Now click back on Power Options >> and under Settings For Portable/Laptop power scheme >> set what you wish via the drop down menus >> Apply >> OK

Then reboot the Laptop and check if the Hibernate option is available/working.
  • 0
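Added example, not part of the original posts: one way to look inside TAR backups like the two flagged above without extracting anything, listing the PHP members that carry common obfuscation markers. The marker list, the function names and the sample archive are assumptions constructed for illustration and are not ESET's detection logic.

```python
import io
import re
import tarfile

# Assumed heuristics for obfuscated PHP (not any vendor's signature set).
MARKERS = {
    "eval_of_decoded": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long_base64_run": re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}"),
}
PHP_EXT = (".php", ".php5", ".phtml", ".inc")
MAX_READ = 2 * 1024 * 1024  # cap on bytes read per member


def triage_tar(fileobj):
    """Return {member_name: [marker, ...]} for suspicious PHP members.
    Read in memory only: nothing is extracted to disk."""
    findings = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile() or not member.name.lower().endswith(PHP_EXT):
                continue
            data = tar.extractfile(member).read(MAX_READ)
            hits = [name for name, rx in MARKERS.items() if rx.search(data)]
            if hits:
                findings[member.name] = hits
    return findings


def build_sample_backup():
    """Constructed sample archive (not the files from this thread)."""
    files = {
        "public_html/index.php": b"<?php echo 'hello'; ?>",
        "public_html/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "public_html/readme.txt": b"eval(base64_decode( in a text file",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(triage_tar(build_sample_backup()))
```

For a real backup, open the .tar in binary mode and pass the file object to `triage_tar`; a hit is a reason to review that member by hand, not proof of infection.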

#19
Odal

    Member

  • Topic Starter
  • 130 posts
Hi, there is no Hibernate option. The four tabs are Power Schemes, Alarms, Power Meter, and Advanced.

Also: I went ahead and deleted them. They were probably infected because I believe his website got hijacked awhile back

Edited by Odal, 11 February 2011 - 04:17 PM.

  • 0

#20
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,760 posts
Hi. :D

I went ahead and deleted them. They were probably infected because I believe his website got hijacked awhile back

Fair play, a prudent/wise decision on your behalf...Without revealing too much (you should learn this during your ongoing Geeky training), investigating such can be problematic to say the least! Plus I have always been of the mind myself if a backup is infected, it can be a fruitless task trying to identify the actual infected if you will and the best option is always cut the loss and delete etc.

there is no Hibernate option. The four tabs are Power Schemes, Alarms, Power Meter, and Advanced.

I am suspecting here it may be an option changed in the actual BIOS (Basic Input Output System), though I may be very well incorrect about this...Now to be honest I am loathe to advise any further assistance with this as it basically falls outside my area of expertise if you will. As I primarily only provide Anti-Malware Support. With this in mind I suggest you seek assistance with regard to this in this part of the forum with the excellent IT support staff we have here in GTG.

Hardware, Components and Peripherals

By all means include the below URL for this topic and mention I advised you seek further assistance etc.

http://www.geekstogo.com/forum/topic/294505-spam-emails/
Next:

At this stage, once you have acknowledged this post I will post some advice about cleaning up the tools we have used during the Malware removal process and provide some further advice about online safety...Your brother should change the password for his Gmail account/change the secret question and the answer for that etc.

How to create a secure password:

When creating a new password use a series of both random upper/lower case letters and include some random alpha numerics also.

An example would be like: GTG111naymind334GTG*1>>12{/b] <---Do not use this one Odal (your brother either), merely an invented example for you both. :D

This is a good test for the strength of any passwords created: Password Checker
  • 0

#21
Odal

    Member

  • Topic Starter
  • 130 posts
Ok, thanks for all the help. Will post in the hardware forum.
  • 0

#22
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,760 posts
Hi. :D

Ok, thanks for all the help. Will post in the hardware forum.

You're welcome/OK.

Next:

Congratulations your Brother's computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Reset SR Points/Clean up with OTL:

  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, Avira AntiVir, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • I advise you visit: http://update.micros...t.aspx?ln=en-us
  • Install the Active X
  • Once installed it will advise you to set Auto-Updates if not set, and then you will be able to manually check for updates also via:
  • Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Online Safety.

Any questions? Feel free to ask, if not stay safe!
  • 0
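Added example, not part of the original post: a small auditor for the blocking Hosts file described above, which separates entries pinned to 127.0.0.1 (or another loopback/null address) from entries that point anywhere else. The function name, the allow-list of local names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def audit_hosts(text):
    """Classify hosts-file entries into (blocked, redirected, malformed).

    blocked: names pinned to a loopback/null address (blocklist use).
    redirected: (name, ip) pairs pointing anywhere else; review these,
    because malware also edits this file to reroute real sites.
    malformed: line numbers whose first field is not an IP address.
    """
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        for host in (h.lower() for h in fields[1:]):
            if str(ip) not in SINKHOLES and not ip.is_loopback:
                redirected.append((host, str(ip)))
            elif host not in LOCAL_NAMES:
                blocked.append(host)
    return blocked, redirected, malformed


# Constructed sample: reserved example domains, TEST-NET-3 address.
SAMPLE = """\
# sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.example.com tracker.example.net  # blocklist entries
0.0.0.0     popups.example.org
203.0.113.7 update.example.com                   # not loopback: review
not-an-ip   broken.example.com
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE))
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` as text.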

#23
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,760 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





